f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4

Analysis

max time kernel
161s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 03:02

Target

f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
Size

1.3MB
MD5

348f403c1effa9acd3e20569897e9e07
SHA1

83365fe36dba555087f984b8c684db802f8f5a86
SHA256

f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4
SHA512

439ba9ad05266ac2bcf9ffaad2030618264a797a9449a3c4acd2c1e574d3f33ce9424b35cc9bd0e06f72a06038801956a813627ae5c19fc220f1c1d73267dca8
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakA:TrKo4ZwCOnYjVmJPa7

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1520 set thread context of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1992	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
1992	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
1992	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
1992	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
1992	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82
PID 1520 wrote to memory of 1992	1520	f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe	82

C:\Users\Admin\AppData\Local\Temp\f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
"C:\Users\Admin\AppData\Local\Temp\f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Users\Admin\AppData\Local\Temp\f7ef8acd8b6b9b4fedc0157678d4c60db9c93b03ded83a600d755151f22adcf4.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1992

memory/1992-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1992-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1992-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1992-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1992-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download